fix: Improve settings persistence and auth handling

The changes address several issues related to data persistence and security within the Condopay application.

**Settings Persistence:**
- **Condo Creation:** Corrected the logic for creating new condos. The system now correctly handles passing an empty string for the `id` when creating a new condo, allowing the backend service to generate the ID, rather than attempting to create a new ID on the frontend.
- **Family Quota Parsing:** Enhanced the parsing of `customMonthlyQuota` for families to safely handle empty or whitespace-only input, preventing potential errors during data submission.

**Authentication and Authorization:**
- **Admin Role Enforcement:** Ensured that the default admin user created during database initialization always has the 'admin' role, even if it was previously changed or created incorrectly.
- **Token Verification Error Handling:** Modified the JWT token verification to return a `401 Unauthorized` status for all token-related errors (e.g., expired, invalid). This will prompt the frontend to log out the user more effectively.
- **Admin Access Logging:** Added console warnings when non-admin users attempt to access admin-only routes, providing better visibility into potential access control issues.

**Infrastructure:**
- **Docker Cleanup:** Removed unused and outdated Dockerfiles and `.dockerignore` content, streamlining the build process and removing potential confusion.

These improvements enhance the reliability of data management for condos and families, strengthen security by ensuring proper role enforcement and error handling, and clean up the development infrastructure.

server/Dockerfile

@@ -1,10 +0,0 @@
-FROM node:20-alpine
-WORKDIR /app
-# Copia package.json del server
-COPY package*.json ./
-# Installa le dipendenze
-RUN npm install
-# Copia il codice sorgente del server
-COPY . .
-EXPOSE 3001
-CMD ["npm", "start"]

server/db.js

@@ -114,9 +114,6 @@ const initDb = async () => {
         if (!hasCondoId) {
             console.log('Migrating: Adding condo_id to families...');
             await connection.query("ALTER TABLE families ADD COLUMN condo_id VARCHAR(36)");
-            if (DB_CLIENT !== 'postgres') { // Add FK for mysql specifically if needed, simplified here
-                 // await connection.query("ALTER TABLE families ADD CONSTRAINT fk_condo FOREIGN KEY (condo_id) REFERENCES condos(id)");
-            }
         }
         if (!hasQuota) {
             console.log('Migrating: Adding custom_monthly_quota to families...');
@@ -207,6 +204,7 @@ const initDb = async () => {
       );
     }
 
+    // ENSURE ADMIN EXISTS AND HAS CORRECT ROLE
     const [admins] = await connection.query('SELECT * FROM users WHERE email = ?', ['fcarra79@gmail.com']);
     if (admins.length === 0) {
       const hashedPassword = await bcrypt.hash('Mr10921.', 10);
@@ -216,6 +214,10 @@ const initDb = async () => {
         [uuidv4(), 'fcarra79@gmail.com', hashedPassword, 'Amministratore', 'admin']
       );
       console.log('Default Admin user created.');
+    } else {
+        // Force update role to admin just in case it was changed or created wrongly
+        await connection.query('UPDATE users SET role = ? WHERE email = ?', ['admin', 'fcarra79@gmail.com']);
+        console.log('Ensured default user has admin role.');
     }
 
     console.log('Database tables initialized.');

server/server.js

@@ -16,7 +16,6 @@ app.use(cors());
 app.use(bodyParser.json());
 
 // --- EMAIL & SCHEDULER (Same as before) ---
-// ... (Keeping simple for brevity, logic remains same but using pool)
 async function sendEmailToUsers(subject, body) {
   try {
     const [settings] = await pool.query('SELECT smtp_config FROM settings WHERE id = 1');
@@ -44,22 +43,32 @@ async function sendEmailToUsers(subject, body) {
     });
   } catch (error) { console.error('Email error:', error.message); }
 }
-// ... Scheduler logic ...
 
 // --- MIDDLEWARE ---
 const authenticateToken = (req, res, next) => {
   const authHeader = req.headers['authorization'];
   const token = authHeader && authHeader.split(' ')[1];
+  
   if (!token) return res.sendStatus(401);
+
   jwt.verify(token, JWT_SECRET, (err, user) => {
-    if (err) return res.sendStatus(403);
+    // Return 401 for token errors (expired/invalid) to trigger frontend logout
+    if (err) {
+        console.error("Token verification failed:", err.message);
+        return res.sendStatus(401); 
+    }
     req.user = user;
     next();
   });
 };
+
 const requireAdmin = (req, res, next) => {
-  if (req.user && req.user.role === 'admin') next();
-  else res.status(403).json({ message: 'Access denied: Admins only' });
+  if (req.user && req.user.role === 'admin') {
+      next();
+  } else {
+      console.warn(`Access denied for user ${req.user?.email} with role ${req.user?.role}`);
+      res.status(403).json({ message: 'Access denied: Admins only' });
+  }
 };
 
 // --- AUTH ---
@@ -72,6 +81,7 @@ app.post('/api/auth/login', async (req, res) => {
     const validPassword = await bcrypt.compare(password, user.password_hash);
     if (!validPassword) return res.status(401).json({ message: 'Invalid credentials' });
 
+    // Ensure role is captured correctly from DB
     const token = jwt.sign(
       { id: user.id, email: user.email, role: user.role, familyId: user.family_id },
       JWT_SECRET, { expiresIn: '24h' }
@@ -237,9 +247,7 @@ app.delete('/api/notices/:id', authenticateToken, requireAdmin, async (req, res)
 app.post('/api/notices/:id/read', authenticateToken, async (req, res) => {
     const { userId } = req.body;
     try {
-        // Ignore duplicate reads
         await pool.query('INSERT IGNORE INTO notice_reads (user_id, notice_id, read_at) VALUES (?, ?, NOW())', [userId, req.params.id]);
-        // Note: For Postgres, INSERT IGNORE is ON CONFLICT DO NOTHING
         res.json({ success: true });
     } catch (e) { res.status(500).json({ error: e.message }); }
 });